In recent years, services that obtain attribute information (age, sex, address, etc.) and activity information (location information, purchase information, etc.) of a privacy information holder to utilize the information for delivering advertisements of interest to the privacy information holder have attracted attention.
In such a service, since the attribute information and the activity information are privacy information, the privacy of a privacy information holder will be violated if a privacy information user, who provides the service, unilaterally acquires and utilizes the privacy information. Therefore, a privacy information holder needs to be able to control how a privacy information user handles privacy information (disclosure requirements, data protection requirements, etc.).
As a method for performing such control, Non-Patent Literature (NPL) 1 describes a policy-based control method using P3P (Platform for Privacy Preferences).
In P3P, the privacy information collected by a privacy information user (service provider) and the way this information is handled are described in a policy file (referred to as “service policy” hereinafter) written in XML (Extensible Markup Language). By checking whether the conditions of data disclosure match between this service policy and a policy file (referred to as “user policy” hereinafter) describing a data disclosure policy set in advance by a privacy information holder, a data disclosure decision can be made automatically or semi-automatically.
P3P has the problem that a privacy information user cannot use the data and a privacy information holder cannot receive a service when a conflict arises between the user policy and the service policy and agreement on data disclosure cannot be reached (for instance, when there is a conflict between the two policies regarding the conditions of data disclosure). Therefore, policy agreement must be reached between the privacy information holder and the privacy information user. Such a method for reaching policy agreement between two parties is called a policy arbitration method.
Patent Literature (PTL) 1 describes an example of the policy arbitration method. The policy arbitration method in Patent Literature 1 is constituted by privacy information holder terminals connected to each other via a network, a privacy information user terminal, and a server.
According to Patent Literature 1, each of the privacy information holder terminals registers with the server a privacy policy defining standards for using privacy information, and the privacy information user terminal registers with the server a user policy defining a range of requirements for privacy information disclosure. The server determines whether or not there is a conflict between the policies and, when there is a conflict, notifies the privacy information holder terminal of the user policy, requesting consent for privacy information disclosure. When there is no conflict, or when consent is given, the privacy information user terminal is able to use the privacy information.
Further, Non-Patent Literature 2 describes another example of a policy arbitration method. The policy arbitration method in Non-Patent Literature 2 is constituted by privacy information holder terminals and privacy information user terminals connected by a network.
According to Non-Patent Literature 2, a privacy information user terminal transmits a user policy to a privacy information holder terminal, and the privacy information holder terminal compares the user policy with a privacy policy and transmits attribute information of the privacy information holder if there is no conflict. Further, when there is a conflict, a user transmits use/preservation conditions from the privacy information holder terminal to the privacy information user terminal, and the privacy information user terminal creates a new user policy meeting these conditions and transmits the new policy to the privacy information holder terminal. In other words, policy arbitration is performed by repeating the transmission of the user policy, the comparison, the transmission of conditions, and the creation of a new policy until agreement between the two parties is reached.
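The repeat-until-agreement exchange described for Non-Patent Literature 2, sketched as an added example that is not taken from NPL 2, P3P, or the patent literature. The policy model (a set of purposes and a retention period per attribute), the function names, and the sample policies are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                   # assumed policy model, not a P3P or NPL 2 schema
    purposes: frozenset       # purposes of use (requested or permitted)
    retention_days: int       # preservation period (requested or permitted)

def compare(user_policy, privacy_policy):
    """Holder terminal: map each conflicting attribute to the condition the
    holder would accept (a Rule), or None when it is never disclosed."""
    conflicts = {}
    for attr, req in user_policy.items():
        allowed = privacy_policy.get(attr)   # default deny for unlisted attributes
        if (allowed is None or not req.purposes <= allowed.purposes
                or req.retention_days > allowed.retention_days):
            conflicts[attr] = allowed
    return conflicts

def revise(user_policy, conditions, essential):
    """User terminal: create a new user policy meeting the conditions.
    Returns None when an attribute the service depends on would be lost."""
    new = dict(user_policy)
    for attr, cond in conditions.items():
        kept = new[attr].purposes & cond.purposes if cond is not None else frozenset()
        if kept:
            new[attr] = Rule(kept, min(new[attr].retention_days, cond.retention_days))
        elif attr in essential:
            return None
        else:
            del new[attr]                    # stop requesting this attribute
    return new

def negotiate(user_policy, privacy_policy, essential=frozenset(), max_rounds=5):
    """Transmit, compare, send conditions, create new policy; bounded repeat."""
    transcript = []
    for round_no in range(1, max_rounds + 1):
        conflicts = compare(user_policy, privacy_policy)
        transcript.append((round_no, sorted(conflicts)))
        if not conflicts:                    # agreement: attributes may now be sent
            return user_policy, transcript
        user_policy = revise(user_policy, conflicts, essential)
        if user_policy is None:
            break
    return None, transcript                  # no agreement, nothing is disclosed

# Constructed sample policies
HOLDER = {"age": Rule(frozenset({"ads", "stats"}), 30),
          "location": Rule(frozenset({"stats"}), 7)}
SERVICE = {"age": Rule(frozenset({"ads"}), 90),
           "location": Rule(frozenset({"ads"}), 30),
           "address": Rule(frozenset({"ads"}), 30)}
```

With these sample policies the service ends up with `age` for advertising at the holder's 30-day limit and drops `location` and `address`; marking `location` as essential makes the negotiation fail instead.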
Patent Literatures 2 to 4 are other relevant documents.
PTL 1: Japanese Patent Kokai Publication No. JP2004-192353A
PTL 2: Japanese Patent Kokai Publication No. JP2003-132160A
PTL 3: Japanese Patent Kokai Publication No. JP2006-344156A
PTL 4: Japanese Patent Kokai Publication No. JP2008-117026A
NPL 1: Platform for Privacy Preferences (P3P) Project, [online], [searched on Feb. 23, 2011], the Internet <URL: http://www.w3.org/P3P/>.
NPL 2: Hatakeyama, M., Gomi, H., “Privacy Policy Negotiation Framework for Attribute Exchange”, W3C Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement, 2006, [online], [searched on Feb. 23, 2011], the Internet <URL: http://www.w3.org/2006/07/privacy-ws/papers/22-hatakeyama-negotiation-attributes/>.